npm
Sign UpSign In

@kozmoai/backstage-plugin-security-insights
TypeScript icon, indicating that this package has built-in type declarations

2.3.16 • Public • Published

GitHub Security Insights Plugin for Backstage

a list of security alerts

a list of dependabot alerts

Features

  • List detected vulnerabilities for your repository, with filtering and search.
  • Show statistics widget about detected vulnerabilities for your repository.

Plugin Setup

  1. If you have standalone app (you didn't clone this repo), then in the packages/app directory of your backstage instance, add the plugin as a package.json dependency:
yarn add @kozmoai/backstage-plugin-security-insights
  1. Import the plugin to the entityPage.tsx source file:
import {
  EntitySecurityInsightsContent,
  isSecurityInsightsAvailable,
} from '@kozmoai/backstage-plugin-security-insights';

const serviceEntityPage = (
  <EntityPageLayout>
    ...
    <EntityLayout.Route
      path="/security-insights"
      title="Security Insights"
      // Uncomment the line below if you'd like to only show the tab on entities with the correct annotations already set
      // if={isSecurityInsightsAvailable}
    >
      <EntitySecurityInsightsContent />
    </EntityLayout.Route>
    ...
  </EntityPageLayout>
);
  1. If you want to show dependabot alerts on your Backstage instance, make sure to import following code to the entityPage.tsx source file:
import {
  EntityGithubDependabotContent,
  isSecurityInsightsAvailable,
} from '@kozmoai/backstage-plugin-security-insights';

const serviceEntityPage = (
  <EntityPageLayout>
    ...
    <EntityLayout.Route
      path="/dependabot"
      title="Dependabot"
      // Uncomment the line below if you'd like to only show the tab on entities with the correct annotations already set
      // if={isSecurityInsightsAvailable}
    >
      <EntityGithubDependabotContent />
    </EntityLayout.Route>
    ...
  </EntityPageLayout>
);
  1. Run backstage app with yarn start and navigate to services tabs.

Widget setup

security insights widget

dependabot alerts widget

  1. You must install plugin by following the steps above to add widgets to your Overview.

  2. Add security insights widget to your Overview tab:

// packages/app/src/components/catalog/EntityPage.tsx
import {
  SecurityInsightsWidget,
  isSecurityInsightsAvailable,
} from '@kozmoai/backstage-plugin-security-insights';

...
const overviewContent = (
  <Grid container spacing={3} alignItems="stretch">
    ...
    <EntitySwitch>
      <EntitySwitch.Case if={isSecurityInsightsAvailable}>
        <Grid item md={6}>
          <SecurityInsightsWidget/>
        </Grid>
      </EntitySwitch.Case>
    </EntitySwitch>
    ...
  </Grid>
);
  1. Add dependabot alerts widget to your Overview tab:
// packages/app/src/components/catalog/EntityPage.tsx
import {
  DependabotAlertsWidget,
  isSecurityInsightsAvailable,
} from '@kozmoai/backstage-plugin-security-insights';

...
const overviewContent = (
  <Grid container spacing={3} alignItems="stretch">
    ...
    <EntitySwitch>
      <EntitySwitch.Case if={isSecurityInsightsAvailable}>
        <Grid item md={6}>
          <DependabotAlertsWidget />
        </Grid>
      </EntitySwitch.Case>
    </EntitySwitch>
    ...
  </Grid>
);
  1. Per default, all severity level alerts will be included and shown on the widget. However, severity level for dependabot alerts shown in Dependabot alerts widget is configurable via app-config. For example, if you want to show only high and medium severity alerts, you can do it in the following way.
// app-config.yaml
dependabotAlertsConfiguration:
  severity: [ high, medium]

Links

Readme

Keywords

none

Package Sidebar

Install

npm i @kozmoai/backstage-plugin-security-insights

Repository

github.com/kozmoai/glint-backstage-plugins

Homepage

glint.io/backstage/plugins/security-insights/

Weekly Downloads

1

Version

2.3.16

License

Apache-2.0

Unpacked Size

142 kB

Total Files

17

Last publish

Collaborators

  • mohamedbench
Try on RunKit
Report malware